US developing extreme digital forensic wizard

DARPA’s Cyber Genome Program could collect, trace and identify all things digital

Can anything you create digitally - software code, e-mail or documents - be traced back to you like so much DNA from a crime scene?  Research scientists at the Defense Advanced Research Projects Agency (DARPA) seem to think so as they announced this week the $43 million Cyber Genome Program it hopes will develop technologies that will help law enforcement types collect, analyze and identify all manner of digital artifacts

The objective of the four-year program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from software, data, and/or users to support law enforcement, counter intelligence, and cyber defense teams, DARPA stated. Such digital artifacts may be collected from computers, personal digital assistants, and/or distributed information systems such as cloud computers, from wired or wireless networks, or collected storage media.  The format may include electronic documents or software to include malware, DARPA stated. 

Layer 8 Extra:

12 mad science projects that could shake the world

Inside the bad-ass world of military research projects 

"A challenge in the cyber community is the ability to identify, analyze, and classify users, software, and digital artifacts.  The traditional approach has been to develop custom solutions addressing individual threats for individual systems.  However, it is not a viable approach to enumerate all possible combinations of solutions for each network threat for every sensor, weapon, and command-and-control platform," DARPA stated.  "The result has been a continuous and rapid proliferation of cyber attacks, malicious software and 'spam' email.  These challenges provide an asymmetric advantage to adversaries who can develop inexpensive, evolutionary cyber exploits that bypass or defeat intrusion detection and protection systems, host-based defenses, and forensic analysis." 

As with most DARPA projects, this one has a number of advanced requirements.  For example, according to DARPA the new system must: 

  • Identify and/or validate users from their host and/or network behavior. "Something you do" may augment existing identification and/or authentication technologies to discover "insiders" with malicious goals or objectives.
  • Handle automated analysis and visualization of computer binary (machine language) features and behaviors (reverse engineering) to help assist analysts understand the software's function and intent.
  • Create lineage trees for a class of digital artifacts to gain a better understanding of software evolution. In other words trace what DARPA calls the ancestors or descendants of digital artifacts and determine the author and development environment of digital artifacts
  • Identify and categorize of new variants of previously seen digital artifacts to reduce the threat of zero-day attacks that are variants of previously seen attacks.
  • Determine or characterization of digital artifact developers or development environments to aid in software and/or malware attribution. 

This isn't the only cyber systems DARPA is working on as you might imagine.  It also has in the pipe-line an avant-garde artificial intelligence (AI) software system known as a Machine Reading Program (MRP) that can capture knowledge from naturally occurring text and transform it into the formal representations used by AI reasoning systems. 

The idea is that such an intelligent learning system would unleash a wide variety of new AI applications - military and civilian -- ranging from intelligent bots to personal tutors DARPA said. 

For example, all of the text in the World Wide Web will become available for automating the monitoring and analysis of technological and political activities of nations; plans, rhetoric, and activities of transnational organizations; and scientific discovery within various disciplines, DARPA stated. 

As digitized text from library books world wide becomes available, new avenues of cultural awareness and historical research will be enabled. With truly general techniques for effectively handling the incompatibilities between natural language and the language of formal inference, a system could, in principal, be constructed that maps between natural and formal languages in any subject domain, DARPA said. 

DARPA also recently awarded almost $56 million to two contractors it expects will develop the second phase of technologies that it promises will be revolutionary and bolster current cyber security technology by orders of magnitude. DARPA spent $30 million to develop Phase 1. 

The contracts are part of DARPA's ambitious National Cyber Range program the agency says will develop revolutionary cyber research and development technologies.  DARPA says that the NCR will advance myriad security technologies and "conduct unbiased, quantitative and qualitative assessment of information assurance and survivability tools in a network environment." 

Layer 8 in a box

Check out these other hot stories:

Courts move to ban juror use of Blackberry, iPhone, Twitter and Facebook

NASA may transform but major problems remain

NASA moves quickly to advance commercial space operations

NASA facing game-changing times

Military's robotic pack mule comes to life for $32M

NASA has tons of cool space technologies that may never get to space

NSF earmarks $30M for game-changing Internet research

Venerable B-52 bomber gets network centric

Slick algorithm helps spot tech trouble in everything from networks to satellites

IBM, researchers get 24M DOE supercomputer hours to develop controversial lithium air battery

Copyright © 2010 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022